Privacy statement and information in the sense of the EU GDPR

The protection of your personal data is an important objective for us. Therefore, we want to use the privacy statement below to provide you (as a visitor to our website) with information on how your data are processed. You will, in particular, find out which data we collect from you, which purpose the processing of such fulfils, on which legal basis such data are processed and which rights you, as the data subject, have. Moreover, with this statement we concurrently also fulfil our information requirements according to the EU General Data Protection Regulation (EU GDPR).  

On our website and mobile apps (referred to as “services” below), we provide a portal which you can, for example, use to agree a payment by instalments or which you can use to inform us of a change of address, etc. We point out that, in addition to your visit to this website, the data will also be processed for the purpose of accounts management. More detailed information on the purposes, the legal basis and the scope of processing of your data, sources and recipients of personal data, as well as the period for which your data are stored in the collection proceedings, is provided here: Data protection information regarding collection proceedings

Please note that the disclaimers, (data protection) legal notices and all the other data and information available at de.flow.riverty.com are only legally binding in the respective German version, even if there is a translation provided. This also applies in the case of own translations, e.g. using translation tools. In case of conflicts or discrepancies between the German version and a version in another language, the German version alone shall be binding. 

 

Privacy notice regarding our services

A) General

Responsible body

Riverty Services GmbH  
Gütersloher Str. 123
33415 Verl
Germany

Data protection officer

Riverty Services GmbH
Mr Nils Unverhau
Gütersloher Str. 123
33415 Verl
Germany
 
@email

Whenever we refer to "we", "us" or the "company" below, this always refers to Riverty Services GmbH.

 

B) Purpose and legal basis for the processing of visitor data

Purpose of data processing

The data collected in the framework of your visit to our website are collected for the following purposes:

  • internal system-specific and statistical purposes
  • technical administration of the website
  • presentation & optimisation of the website

If you use a log-in for our services (portal use or portal), we will also, in addition, process your personal data for the following purposes:

  • identification
  • answering, executing and implementing your request(s)
  • contract processing, accounts management and enforcing rights

Legal basis for data processing

Your personal data are processed during your use of our services on the basis of legitimate interests within the meaning of art. 6 sub-section 1 sentence 1 lit. f) and, if applicable, your consent within the meaning of art. 6 sub-section 1 sentence 1 lit. a) EU GDPR. The above-mentioned purposes constitute a legitimate interest.
 
More detailed information on the legal basis for data processing involving the cookies used is provided under section 4) Particularity: Cookies.

 

C) Scope of data processing use of the services

1. Categories of personal data

During your use of our services, we process the following data: 

  • randomised IP address
  • date and time
  • pages visited
  • user interactions
  • data of the requesting computer
  • identification data of the browser and operating system type
  • device number / UUID (if mobile apps are used)
  • last page visited

If you log on to our portal using your access data, the following personal data may be processed, in addition:

  • master data (salutation, name, first name, title, date of birth, PIN)
  • address data
  • communications data
  • bank details
  • correspondence contact data
  • data regarding the account
  • the IP of the requesting computer

At this point, we would like to point out that, of course, you are not obliged to specify your personal data in our portal. However, we ask for your understanding that, for data protection legislation reasons, some functions cannot be used without the entry of certain personal data. 

 

2. Recipient of personal data

The visitor data processed in the framework of the use of this website are not, in principle, forwarded to third parties. Although we use service providers for hosting and maintaining our website, these service providers are required to comply with the statutory provisions in the framework of a data processing contract.
 
Upon instruction by the competent authority, we might, in a specific case, be required to provide information on data in as far as this is necessary for the purposes of prosecution or danger prevention.

 

3. Duration of data retention

The processed visitor data are only stored, in principle, for the duration of your visit. There might be deviations in the retention period for randomised data which are collected in the framework of the cookies used. Details on this are provided under section 4) Particularity: Cookies and at Cookies | Riverty.
 
Apart from this, your personal data are deleted forthwith if the purposes for which they were collected cease to apply, or if the data required for processing are no longer needed to attain the purposes outlined. This does not apply in as far as the data are subject to statutory periods of retention (e.g. section 147 German Fiscal Code, section 257 German Commercial Code) or a retention is necessary to assert, exercise or defend legal claims (e.g. section 195 German Civil Code).

 

4. Particularity: Cookies

General information on cookies

Cookies are small text files used by websites to make the user experience more efficient. We use cookies to personalise content and displayed information and to analysis how our website is accessed. Moreover, we forward information on your use of our website to our partner for analyses.
 
Under the applicable law, we can save cookies on your device if these are absolutely necessary for the operation of this website. However, we need your permission for all other types of cookies. You can change or revoke your consent to the cookie statement on our website at any time.
 
Our services use different types of cookies. Some cookies which are needed for the above-mentioned purposes are placed by third parties. Information on which cookies are used specifically is provided in the settings of the mobile apps or at Cookies | Riverty.

  • Essential cookies help to make a website usable by enabling basic functions, such as page navigation and access to secure areas of the website. Our services cannot work properly without these cookies.
  • Functional cookies help website owners understand how visitors interact with websites by collecting and reporting anonymous information. These cookies are used to better understand the user behaviour. Analytical cookies enable the collection of usage and recognition possibilities in so-called pseudonymous usage profiles. For example, we use analytical cookies to determine the number of individual website visitors or to analyze user behavior on the basis of anonymous and pseudonymous information. A direct conclusion on a person is not possible. The legal basis for these cookies is Art. 6 1 a) DSGVO.
  • Marketing cookies are new cookies which have been added and not yet been assigned to a category. We only place these cookies if visitors have agreed to the use of all cookies or if they have expressly agreed to the use of unclassified cookies in the detail settings of the consent manager. We try to provide a classification for new cookies as soon as possible to enable visitors to benefit from the best possible functionality of the website after consent to the use of cookies.

5. Special feature: Mobile apps

  • Face/Touch ID: To facilitate a faster log-in, the user can activate Face ID or Touch ID and authenticate that way. This function is optional. All the information on fingerprints and the face, etc., are saved locally on the device. Data is not transmitted.  
  • Push notifications: The user can activate notifications which, e.g. provide information on new due dates or payment receipts. This function is optional and can be changed at any time. To this end, the device ID is saved on the server to specifically address the user device.

 

6. Finance overview

Special data protection notes regarding data processing by Riverty Services GmbH for the use of the “finance overview” function


The following data are processed: First name and name of the data subject, banking details and accounting transactions relating to the account.


Art. 6 section 1 S. 1 lit. a) EU GDPR forms the legal basis for data processing.


The data are processed for the purpose of creating a budget and to check options for settling outstanding liabilities.


Riverty Services GmbH saves the aggregated account information (budget account) for a period of 6 months, and automatically deletes the information after the end of this period.

informa Solutions GmbH, Rheinstraße 99, 76532 Baden-Baden, which has been commissioned for order processing according to art. 28 EU GDPR, is the recipient of the data.

In principle, all the data are exclusively processed in Germany. Data are only transferred to countries in which the EU GDPR does not apply (so-called third countries) in exceptional cases. According to art. 49 section 1 sub-section 1 e) EU GDPR, we can transfer data to third countries if, and in as far as this is required, to assert, exercise or defend legal claims, e.g. because the creditor is based in a third country, the data subject moves to a third country or uses foreign e-mail servers.

In as far as we carry out data processing in third countries via service providers (e.g. cloud services), these service providers are bound by contract in accordance with the legal requirements of the EU GDPR.

Every data subject has the right to information from Riverty Services GmbH in accordance with art. 15 EU GDPR, the right to correction according to art. 16 EU GDPR, the right to deletion according to art. 17 EU GDPR, the right to the restriction of processing according to art. 18 EU GDPR and the right to data portability according to art. 20 EU GDPR.


In addition, you can contact the supervisory authority in charge of Riverty Services GmbH, the State Office for Data Protection and Freedom of Information of North Rhine-Westphalia [Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen], Kavalleriestraße 2 – 4, 40213 Düsseldorf.

Special data protection information on data processing by Riverty Services GmbH for the use of the Financial Analysis Assistant

The following data are processed: First name and surname of the person concerned, bank details as well as transaction details from the account.

The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. a) GDPR.

The data are processed for the purpose of preparing the surplus income statement.

The consent given is valid for a maximum period of 90 days (depending on the selected banking institution) and allows Riverty Services access to all account information to create the financial analysis. For the purpose of product improvement, Riverty Services GmbH processes this information anonymously. The account information will not be stored beyond this.

Riverty Services GmbH automatically deletes the personal account information immediately after the financial analysis has been created and anonymised. The personal data of the financial analysis are stored exclusively within the app on the end device. The savings targets entered via the app are generally also stored at Riverty Services GmbH for the entire duration of use of the financial-analysis assistant. These data can be deleted at any time in the app via the delete button. Riverty Services GmbH will also delete these data after 12 months at the latest since the last use of the financial-analysis assistant. This period begins after the expiry of the maximum 90-day access to the bank account.

In principle, all data are only processed within the European Union. A transfer to countries in which the GDPR does not apply (so-called third countries) only takes place in exceptional cases. We may transfer the data to third countries pursuant to Art. 49 para. 1 subpara. 1 e) GDPR if and insofar as this is necessary for the assertion, exercise or defence of legal claims - e.g. because the creditor has its registered office in a third country, the data subject moves to a third country or uses foreign e-mail servers.

Insofar as we carry out data processing in third countries via service providers (e.g. cloud services), these service providers are contractually bound in accordance with the legal requirements of the GDPR.

Insofar as you have given your consent for us to contact you by telephone for the purpose of quality and product improvement, we process your data on the basis of Art. 6 para. 1 p. 1 lit. a) GDPR. Your feedback given during the contact will be evaluated by our technical experts and used to improve the quality and optimisation of the services.

Every data subject has the right to information from Riverty Services GmbH pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to restriction of processing pursuant to Art. 18 GDPR and the right to data transmission pursuant to Art. 20 GDPR.

In addition, there is the possibility of contacting the supervisory authority responsible for Riverty Services GmbH, the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia, Kavalleriestraße 2-4, 40213 Düsseldorf, Germany.

 

7. Chat communication channel

Special data protection notes regarding data processing by Riverty Services GmbH for the chat function

Riverty Services GmbH offers you the option of contacting us via the chat function.
 
Chat communication is available both automatically through a smart bot, and via our customer service team - which also addresses your specific requirements. The following data are processed: Name and first name of the data subject, e-mail address, phone number and the entire customer service correspondence.

In as far as a service provider processes data in third countries in the framework of the chat function (e.g. cloud use), the service provider is required by contract to comply with the legal requirements under EU GDPR.

Art. 6 section 1 sentence 1 lit. a) EU GDPR (Consent) forms the legal basis for data processing in using the chat function. You can revoke your consent to processing by Riverty Services GmbH in the framework of the chat function described above with effect for the future at any time. 
 

Every data subject has the right to information from Riverty Services GmbH in accordance with art. 15 EU GDPR, the right to correction according to art. 16 EU GDPR, the right to deletion according to art. 17 EU GDPR, the right to the restriction of processing according to art. 18 EU GDPR and the right to data portability according to art. 20 EU GDPR.

In addition, you can contact the supervisory authority in charge of Riverty Services GmbH, the State Office for Data Protection and Freedom of Information of North Rhine-Westphalia [Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen], Kavalleriestraße 2 – 4, 40213 Düsseldorf.

 

8. Special data protection information on app and panel surveys

Insofar as you have given your consent to participate in panel surveys for the purpose of quality and product improvement, we process your data on the basis of Art. 6 Para. 1 S.1 lit. a GDPR. For this purpose, we may contact you via different communication channels (e.g. email, app). Your feedback given in the survey will be evaluated by our experts and used to improve the quality and optimisation of the services.

The following data is processed: First name and surname of the data subject, e-mail address, survey results, any information collected and stored as part of app use (Riverty Back in Flow app, e.g.: technical identifiers (IDs), bank and payment information).

The consent given can be revoked at any time at @email. As a result, no further requests for survey participation will be sent to you.

In principle, all data is only processed within the European Union. A transfer to countries in which the GDPR does not apply (so-called third countries) only takes place in exceptional cases. We may transfer the data to third countries pursuant to Article 49 (1) subparagraph 1 e) GDPR if and insofar as this is necessary for the assertion, exercise or defence of legal claims - e.g. because the creditor has its registered office in a third country, the data subject moves to a third country or uses foreign email servers.

Insofar as we carry out data processing in third countries via service providers (e.g. cloud services), these service providers are contractually bound in accordance with the legal requirements of the GDPR.

Every data subject has the right to information from Riverty Services GmbH pursuant to Article 15 of the GDPR, the right to rectification pursuant to Article 16 of the GDPR, the right to erasure pursuant to Article 17 GDPR, the right to restriction of processing pursuant to Article 18 GDPR and the right to data portability pursuant to Article 20 GDPR.

In addition, there is the possibility of contacting the supervisory authority responsible for Riverty Services GmbH, the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia  [Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen], Kavalleriestraße 2-4, 40213 Düsseldorf.

 

D) Security notice

We have taken all necessary technical and organisational precautions to protect your personal data, in particular, against misuse. Your data are saved in a secure operating environment not accessible to the public. In line with this privacy statement, your information can only be accessed by specifically authorised persons.

Our information system is a secure area. A firewall has been installed to prevent access from other networks connected to the internet. Only employees who need the information to fulfil a special task are granted access to personal information. Our employees have received intensive training regarding data protection and security.
 
Your personal data are encrypted via the so-called Secure Socket Layer Technology (SSL) in transmission. This means that the communication between your computer and the servers used here is ensured using an approved encryption procedure, as long as your browser supports SSL.

 

E) Your rights

If the legal preconditions are fulfilled, the data subject has the following rights according to art. 15 to 22 EU GDPR: A right to information, correction, deletion, restriction of processing and data portability.

Moreover, according to art. 14 section 2 c) in conjunction with art. 21 EU GDPR, the data subject has a right to object to processing based on art. 6 section 1 f) EU GDPR.
 
In accordance with art. 77 EU GDPR, data subjects have the right to lodge a complaint with a data protection supervisory authority if they are of the opinion that processing of personal data was not lawful. The supervisory authority having competence for our company is:

 
The State Officer for Data Protection and Freedom of Information  
North Rhine-Westphalia
Kavalleriestraße 2 – 4
40213 Düsseldorf

In addition, however, you can also contact the supervisory authority having competence at the place of your residence to lodge a complaint.

 

Data protection notice regarding debt collection proceedings

Who are we? – Identity of the responsible body

Riverty Services GmbH
Gütersloher Str. 123
33415 Verl
Germany

 

Who is responsible for our data protection? – Contact data of the data protection officer

Riverty Services GmbH
Data Protection Officer: Nils Unverhau
Gütersloher Str. 123, 33415 Verl
Germany
E-mail: @email

 

Are we allowed to process data? – Purpose of processing and legal bases

Your data are processed for the purposes of contract processing, accounts management and the pursuit of rights. If the following legal bases are fulfilled, the data subject does not have to consent to data processing:  

Of course, we are only allowed to process data if there is a legal basis for such. Processing by us is lawful if, at least, one of the conditions under article 6 EU GDPR is fulfilled. In principle, your data have to be processed to ensure the fulfilment of a contract with our client (art. 6 section. 1 sentence 1 lit. b EU GDPR). In addition, data processing according to art. 6 section 1 f) EU GDPR is required to preserve our legitimate interests, or the legitimate interests of a third party. Our legitimate interests comprise the enforcement of the outstanding account. Moreover, processing can also be carried out to comply with legal requirements (art. 6 section 1 sentence 1 lit. c EU GDPR) comprising, in particular, compliance with retention requirements.

 

Which data do get from whom? – Data categories and sources

We process the following data categories: address data, banking data, credit rating information, claims data, communication data, master data, process data, contract data and, if required, payment data.

We are primarily provided with the data by our client. Further possible data sources can comprise credit agencies, field services, custodians, authorised recipients, service providers, third-party debtors, registration offices, courts, bailiffs, legal representatives, trade offices, correctional facilities, publicly accessible information sources, lawyers, original creditors, our clients’ lawyers and the data subject himself/herself.

In accordance with art. 6 section 1 sentence 1 lit. f) EU GDPR, we receive recurring credit rating information for the purpose of the respective accounts management from infoscore Consumer Data GmbH, Rheinstr. 99, 76532 Baden-Baden.

 

Who do we forward the data to? – The recipients

In the framework of the collection proceedings, your data are transferred to our client and, if applicable, to the following categories of recipients (should this be required and permitted): field teams, custodians, authorised representatives, service providers, third-party debtors, residents' registration offices, courts of law, bailiffs, legal representatives, trade offices, correctional facilities and lawyers.

 

Are data transferred to other countries? – Data transfer to third countries

In principle, all data are only processed in Germany. We only transfer data to countries in which EU GDPR does not apply (so-called third countries) in exceptional cases. We may only transfer data to third countries in accordance with art. 49 section 1 sub-section 1 lit. e EU GDPR if, and in as far as this is required, to assert, exercise or defend legal claims - e.g. because the creditor is based in a third country, has moved to a third country or uses foreign e-mail servers.

In as far as we process data in third countries via service providers (e.g. cloud services), these service providers are bound by contract to comply with the legal requirements under the EU GDPR.

 

For how long are data saved? – Term of data retention

Personal data are processed until the above-mentioned purposes have been fulfilled. This also includes the statutory retention requirements under the German Fiscal Code (AO), the Commercial Code (HGB) and the Sales Tax Act (UstG). After the purpose has been fulfilled, the data will be deleted.

Please note:

Even after the matter has been concluded, we have to save the data for up to ten years in accordance with the laws referred to above. However, processing of your data is restricted in accordance with art. 18 EU GDPR. At that point, the data are subject to access restrictions (“blocked”).

 

Rights of the data subject

If the statutory preconditions are fulfilled, you have the following rights under art. 15 to 20 EU GDPR: A right to information, correction, deletion, restriction of processing and to data portability.

Moreover, according to art. 14 section 2 c) in conjunction with art. 21 EU GDPR, you have the right to object to data processing based on art. 6 sub-section 1 f) EU GDPR.

According to art. 77 EU GDPR, you have the right to lodge a complaint with a supervisory authority if you think that processing of your personal data is unlawful. The supervisory authority having competence regarding our company is:  The State Office for Data Protection and Freedom of Information of North Rhine-Westphalia [Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen], Kavalleriestraße 2 – 4, 40213 Düsseldorf.